Nearly every modern industry and profession requires the rapid delivery of a variety of types of communications. In many instances, an additional requirement is that the documents be maintained confidential during the delivery process. A still further complication is the ability of the recipient to verify the authenticity of the received document.
To respond to such requirements, the entire courier industry has been developed. Thus, a courier service arranges to pick up an original document from the sender and to deliver it, as promptly as possible within the charging structure, to a recipient. Because the document is maintained in a sealed envelope, confidential communications are frequently entrusted to such courier services. Since the documents can bear original signatures, their authenticity is generally presumed.
However, the operation of a courier service is labor intensive and the cost structure of the industry reflects its dependence on extensive manual effort. In addition, the responsiveness of the industry is generally dependent on the sender and recipient both being in either close proximity or near a major airport. Thus, a recipient located in a remote portion of a foreign country may encounter significant delays in receiving a communication by courier simply because delivery requires extensive manual handling of the communication.
In addition, while a document delivered by courier is generally presumed to be maintained confidential, in fact it is apparent the confidentiality of the communication may be compromised with exceptional ease. As a result, some industries have taken to using specialized couriers which offer particular assurances of confidentiality.
Still further, the reliability of a courier service is equally limited, since it depends upon each link in a potentially extensive chain operating with substantial success. While such success occurs in the great majority of cases, there are numerous instances where increased reliability would be greatly desirable.
While modern telecommunications offers a response to some of the concerns about couriers, existing systems have generally proven inadequate to provide a suitable replacement for courier services. Thus, while a telephone call offers immediacy and access to virtually the farthest reaches of the globe, conventional telephone communications are not especially secure and do not provide communication of documents.
Fax machines, including fax machines with provision for confidential faxing, likewise suffer from numerous limitations, which include in most instances a lack of data encryption and substantial manual involvement in ensuring that the document is properly entered into the fax machine. Fax modems incorporated into personal computers offer some improvement on the document-loading scheme, but offer little or no encryption of the data, and typically do not verify destination. The result is little security for potentially quite valuable communications.
As a result, there has been a need for a secure communications technique which offers reliable high speed access to virtually anywhere a telephone or other network connection exists, while at the same time offering a high degree of confidentiality and security to the communications.
The security of data sent over telecommunications networks, including telephone networks, is important for many computer applications and systems. With a large network or a network that involves access via a public utility such as the telephone company, it is impractical to assure the physical security of the communications channel. Even with a single location, the size and configuration of most networks (e.g., wires, fiber optic cables, switching hardware, etc.) make it expensive or impossible to assure that communications are not being monitored.
An ideal data communications system would be easy to operate, inexpensive, reliable, widely available, fast, and secure. Existing networks, such as the public switched telephone network (PSTN), may be used to obtain some of these characteristics. In particular, the PSTN is relatively inexpensive, widely available, and reliable. The PSTN can be used to exchange digital data with reasonable speed (e.g., 28.8 kilobits per second using a modem implementing the V.34 protocol defined in International Telecommunications Union, “Recommendation V.34—A modem operating at data signaling rates of up to 28800 bit/s for use on the general switched telephone network and on leased point-to-point 2-wire telephone-type circuits,” September 1994). Higher speed modems, such as those operating at 33.6 or 56 kilobits per second, ISDN lines operating at up to 128 kilobits per second, or ADSL lines operating at even higher rates offer improved performance through the PSTN.
However, the PSTN is often not sufficiently secure for exchanging sensitive information. Specifically, communications may be monitored by tapping a telephone line or by recording a call at the telephone switch. Additional privacy protection is thus desirable.
Some kinds of protection may be added by users of the network to protect their own communications. For example, encryption may be used to ensure that eavesdroppers cannot determine the content of communications. Encryption algorithms, including the Data Encryption Standard (DES), are well known in the background art and may be used in scrambling and security systems to protect the privacy of data. (DES is defined in National Bureau of Standards, NBS FIPS PUB 46-1, “Data Encryption Standard,” U.S. Department of Commerce, January 1988.)
End users can also use cryptography to protect their data exchanges against accidental or malicious modification. (Such tampering can occur even if data is encrypted, since changes made to the ciphertext data stream will generally result in changes to the plaintext data produced by the decryption process.) To protect against tampering, keyed MAC functions such as HMAC are often used. (HMAC is defined in M. Bellare, R. Canetti, and H. Krawczyk, “Keying Hash Functions for Message Authentication,” Advances in Cryptology—Crypto '96 Proceedings, Springer-Verlag, 1996, pp. 1-15.) Alternatively, data may be digitally signed, for example using the RSA algorithm of U.S. Pat. No. 4,405,829 to Rivest et al. or using the Digital Signature Standard (National Institute of Standards and Technology, NIST FIPS PUB 186, “Digital Signature Standard,” U.S. Department of Commerce, May 1994). Protocols and techniques usable by communicants to encrypt data and to protect data against tampering are well known in the background art. For example, the SSL protocol, used widely to protect transactions on the world wide web and in other applications, combines asymmetric (public-key) cryptography, symmetric (secret-key) cryptography, and MACs to securely select which cryptographic algorithms to use, authenticate communicants, negotiate shared keys, encrypt and decrypt data for privacy, and protect data against modification.
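The parenthetical point above, that encryption alone does not prevent modification because a change to the ciphertext becomes a change to the decrypted plaintext, and the remedy of a keyed MAC such as HMAC, can be seen in a few lines of code. The following is an added illustration and not part of the patent text or of any product it describes. It uses a constructed toy stream cipher (a keystream derived from SHA-256, chosen only to expose the malleability property; it is not a recommended cipher) and the standard-library `hmac` module for HMAC-SHA256 in an encrypt-then-MAC arrangement. The keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Hypothetical toy keystream (assumption for illustration only): SHA-256 over
    # key || nonce || counter. Any stream cipher or CTR-mode block cipher behaves
    # the same way with respect to malleability.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; decryption is the same operation.
    return bytes(d ^ k for d, k in zip(data, _keystream(enc_key, nonce, len(data))))


decrypt = encrypt


def protect(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext, so the
    # receiver can reject a modified message before decrypting it.
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(enc_key: bytes, mac_key: bytes, blob: bytes):
    # Returns the plaintext, or None if the HMAC tag does not verify.
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decrypt(enc_key, nonce, ct)


def demonstrate_malleability() -> dict:
    # Constructed sample keys, nonce and message.
    enc_key = b"sample-encryption-key-16"
    mac_key = b"sample-mac-key-for-hmac"
    nonce = b"\x00" * 12
    plaintext = b"AMOUNT=100"

    blob = protect(enc_key, mac_key, nonce, plaintext)
    roundtrip = unprotect(enc_key, mac_key, blob)

    # Modify one ciphertext byte in transit (index 7 of the message, the '1').
    # Without a MAC the receiver would decrypt it to a different digit, because
    # a bit flip in the ciphertext is a bit flip in the plaintext.
    tampered = bytearray(blob)
    tampered[12 + 7] ^= 0x08
    tampered = bytes(tampered)
    tampered_plaintext = decrypt(enc_key, nonce, tampered[12:-32])

    return {
        "roundtrip": roundtrip,
        "tampered_plaintext": tampered_plaintext,
        "rejected_by_mac": unprotect(enc_key, mac_key, tampered) is None,
    }


if __name__ == "__main__":
    print(demonstrate_malleability())
```

Running the block shows the untampered message round-tripping, the tampered ciphertext decrypting to `AMOUNT=900` when the tag is ignored, and `unprotect` returning `None` for the same tampered message because the HMAC no longer verifies; this is the integrity protection the text attributes to keyed MACs, independent of the confidentiality provided by encryption.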
Encrypting modems (and other network interfaces) which use DES and other encryption algorithms to protect communications sent over the public switched telephone network (and other communications systems) are also known. Secure modems using encryption algorithms such as DES are commercially available, and modems running more sophisticated cryptographic protocols (such as SSL) are also known. Such modems can, if used properly, provide users with good cryptographic assurance of data privacy and integrity.
However, such encrypting modems cannot solve many applications' security and business requirements, and consequently they have failed to gain widespread acceptance in the marketplace. For example, existing encrypting modems used over the PSTN cannot protect the identities of communicating parties. In many cases it is as important to conceal from eavesdroppers the identities of the communicants as it is to protect the actual content of their communication. This problem cannot be solved by an end-user device since, for example, an eavesdropper can identify the recipient of a modem connection simply by observing the telephone number dialed by the party originating the call (e.g., by monitoring the DTMF tones generated by the transmitting telephone or modem). Other networking protocols suffer from the same limitation that eavesdroppers can determine at least the identity of the intended recipient of data, even if the data is encrypted. Although Internet-based systems for protecting users' anonymity are known (e.g., remailers for PGP-encrypted e-mail and anonymizers for world wide web communications), the techniques they employ do not work with public switched telephone networks, and companies generally do not wish to send their private communications over the Internet.
A second problem with systems known in the background art is that the cost of the development and manufacture of the secure modem hardware and software must be recovered when users purchase the equipment. Since no after-purchase revenue is available to device manufacturers and vendors, customers are forced to make a substantial initial investment, often of several hundred dollars per user, to purchase the hardware and/or software. Many potential customers, such as companies with a large number of users who would all need to be equipped with the hardware, are deterred by this initial cost and ultimately end up using cheaper, less secure systems.
There has therefore been a long-felt need for a data communications system which is easy to use, reliable, fast, secure and economical for transmitting confidential or sensitive information expeditiously even to remote points.